Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/

pf: Initialize pf_kpool mutexes earlier

There are some error paths in ioctl handlers that will call
pf_krule_free() before the rule's rpool.mtx field is initialized,
causing a panic with INVARIANTS enabled.

Fix the problem by introducing pf_krule_alloc() and initializing the
mutex there. This does mean that the rule->krule and pool->kpool
conversion functions need to stop zeroing the input structure, but I
don't see a nicer way to handle this except perhaps by guarding the
mtx_destroy() with a mtx_initialized() check.

Constify some related functions while here and add a regression test
based on a syzkaller reproducer.

Reported by: syzbot+77cd12872691d219c158@syzkaller.appspotmail.com
Reviewed by: kp
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34115

pf tests: Provoke failure in pf_ioctl_addrule

MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

pf tests: pass NULL buffer to DIOCRCLRTSTATS

As discovered by syzcaller this used to provoke panics.

MFC after: 1 week

pf tests: provoke tag hashing panic

Attempt to provoke the panic fixed in r367987.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D27350

pf tests: fix up a couple WARNS= 6 nits

common_init_tbl is only used within this single CU, so it should be marked
static.

WARNS=6 also complained about the var defined by
`ATF_TC_WITH_CLEANUP(getastats);` being unused, which turns out to be
because it's not been hooked up in ATF_TP_ADD_TCS. kp@ did not immediately
recall any reason for this, and the case passes on my local system, so hook
it up.

Note that I've not yet set WARNS= 6 here. Investigation is underway to see
if we can feasibly default WARNS to 6 for src builds to catch directories
too deep to inherit a WARNS from the top-level subdirectories' Makefile.inc.
Those particular WARNS settings will be subsequently removed as they become
redundant with a more-global default.

MFC after: 1 week

pf tests: Try to provoke the panic with invalid DIOCRSETTFLAGS

There was an issue with copyin() on DIOCRSETTFLAGS, which would panic if
pfrio_buffer was NULL.
Test for the issue fixed in r346319.

MFC after: 1 week
Event: Aberdeen hackathon 2019

pf tests: Check size validation in DIOCGETSRCNODES

Ensure that invalid sizes for DIOCGETSRCNODES do not cause panics.

MFC after: 1 week

pf tests: Use the ATF cleanup infrastructure in the ioctl tests

Use ATF_TC_CLEANUP(), because that means the cleanup code will get
called even if a test fails. Before it would only be executed if every
test within the body succeeded.

Reported by: Marie Helene Kvello-Aune <marieheleneka@gmail.com>
MFC after: 2 weeks

pf tests: ioctl tests require root rights

Explicitly mark these tests as requiring root rights. We need to be able
to open /dev/pf.

Reported by: Marie Helene Kvello-Aune <marieheleneka@gmail.com>
MFC after: 2 weeks

pf tests: Basic ioctl validation

Basic validation tests for DIOCRADDADDRS, DIOCRDELADDRS, DIOCRSETADDRS,
DIOCRGETADDRS, DIOCRGETASTATS, DIOCRCLRASTATS, DIOCRTSTADDRS,
DIOCRINADEFINE, DIOCXBEGIN and DIOCXROLLBACK.

MFC after: 1 week

pf tests: Try to provoke a memory leak

There was a memory leak in the DIOCRADDTABLES ioctl() code which could
be triggered by trying to add tables with the same name.
Try to provoke this memory leak. It was fixed in r331225.

MFC after: 1 week

pf tests: Basic ioctl validation for DIOCIGETIFACES and DIOCXCOMMIT

Validate the DIOCIGETIFACES and DIOCXCOMMIT ioctls with invalid values.

MFC after: 1 week

pf tests: Basic ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS

Validate the DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and
DIOCRSETTFLAGS ioctls with invalid values. These may succeed (because
the kernel uses the minimally required size, not the specified size),
but should not trigger kernel panics.

MFC after: 1 week

pf tests: Basic ioctl validation tests

Validate the DIOCRADDTABLES and DIOCRDELTABLES ioctls with invalid size
values. All of these requests should fail.

MFC after: 1 week